Advanced Secure Gateway Security Vulnerabilities and Issues — Advanced Secure Gateway CVE List

Lucene search

BroadcomAdvanced Secure Gateway

16 matches found

CVE•added 2018/04/11 2:29 p.m.•66 views

CVE-2016-10258

Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code...

6.8CVSS6.8AI score0.1095EPSS

CVE•added 2018/04/11 2:29 p.m.•53 views

CVE-2017-13677

Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A remote attacker can use crafted HTTP/HTTPS requests to cause denial-of-service through management console application crashes.

7.5CVSS7.4AI score0.07189EPSS

CVE•added 2020/04/10 12:15 a.m.•52 views

CVE-2019-18375

The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability. A remote attacker, with access to the appliance management interface, can hijack the session of a currently logged-in user and access the management console.

6.5CVSS6.4AI score0.00222EPSS

CVE•added 2018/04/11 2:29 p.m.•50 views

CVE-2017-13678

Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.

4.8CVSS5.7AI score0.00312EPSS

CVE•added 2023/06/01 1:15 a.m.•49 views

CVE-2023-23952

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Command Injection vulnerability.

9.8CVSS9.5AI score0.00688EPSS

CVE•added 2018/05/29 1:29 p.m.•46 views

CVE-2018-5241

Symantec Advanced Secure Gateway (ASG) 6.6 and 6.7, and ProxySG 6.5, 6.6, and 6.7 are susceptible to a SAML authentication bypass vulnerability. The products can be configured with a SAML authentication realm to authenticate network users in intercepted proxy traffic. When parsing SAML responses, A...

9.8CVSS9.5AI score0.09752EPSS

CVE•added 2018/01/10 2:29 a.m.•44 views

CVE-2016-10257

The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing a...

6.1CVSS6AI score0.00378EPSS

CVE•added 2022/07/07 4:15 p.m.•43 views

CVE-2021-46825

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web ser...

9.1CVSS9.1AI score0.00402EPSS

CVE•added 2019/08/30 9:15 a.m.•41 views

CVE-2018-18370

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web lis...

6.1CVSS5.9AI score0.0025EPSS

CVE•added 2019/08/30 9:15 a.m.•40 views

CVE-2018-18371

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. An information disclosure vulnerability in the WebFTP mode allows a malicious user to obtain plaintext authentication credentials for a remote FTP server ...

6.5CVSS6.4AI score0.00273EPSS

CVE•added 2017/05/11 2:30 p.m.•39 views

CVE-2016-9099

Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the ta...

6.1CVSS6.3AI score0.00312EPSS

CVE•added 2017/05/11 2:30 p.m.•37 views

CVE-2016-9097

The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only acce...

8CVSS6.9AI score0.01223EPSS

CVE•added 2023/06/01 1:15 a.m.•36 views

CVE-2023-23955

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Server-Side Request Forgery vulnerability.

8.1CVSS8AI score0.00105EPSS

CVE•added 2017/05/11 2:30 p.m.•35 views

CVE-2016-9100

Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an a...

7.8CVSS7.2AI score0.00169EPSS

CVE•added 2023/06/01 1:15 a.m.•34 views

CVE-2023-23954

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability.

5.4CVSS5.2AI score0.00331EPSS

CVE•added 2023/06/01 1:15 a.m.•32 views

CVE-2023-23953

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability.

7.8CVSS7.6AI score0.00053EPSS